extract

Based on the provided skill documentation, the behavior described (browser OAuth, storing tokens in ~/.mcp-auth/, or using a TAVILY_API_KEY, and POSTing requested URLs to https://api.tavily.com/extract) is consistent with the stated purpose. The primary security consideration is privacy: web pages and their content are sent to a third-party service (Tavily), so users should not submit sensitive or confidential pages unless they trust the service and its data handling policies. No evidence in the documentation indicates malicious behavior, obfuscation, or credential-harvesting beyond the documented, expected authentication mechanisms. However, actual script implementation must be audited to confirm it implements the documented endpoints and storage locations and does not exfiltrate data to other domains.